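Техническая информация
Примечание: имена «18ІҐ·ЕЖч» и «°ІЧ°НјПс.jpg» в списке ниже, по-видимому, представляют собой байты в кодировке GBK, отображённые как Windows-1251; при декодировании они дают «18播放器» и «安装图像.jpg». Пути приведены в том виде, в каком они записаны в отчёте, поэтому при поиске следов на системах с китайской локалью стоит проверять оба варианта написания. Короткое имя «18C900~1» в команде запуска xiezaidll.bat, вероятно, относится к тому же каталогу.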
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SP00LSV' = '%WINDIR%\SP00LSV.exe '
- <SYSTEM32>\regsvr32.exe /u /s MMCShell.dll
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\18C900~1\xiezaidll.bat" "
- %PROGRAM_FILES%\18ІҐ·ЕЖч\rjbanben.cj
- %WINDIR%\rjmch.cj
- %PROGRAM_FILES%\18ІҐ·ЕЖч\rjyunxing.exe
- <SYSTEM32>\MSINET.OCX
- <SYSTEM32>\VIS1c24.TMP
- <SYSTEM32>\shdocvw.oca
- %PROGRAM_FILES%\18ІҐ·ЕЖч\xiezaidll.bat
- %PROGRAM_FILES%\18ІҐ·ЕЖч\tvtongji.EXE
- %WINDIR%\rjqing.cj
- %WINDIR%\SP00LSV.EXE
- %PROGRAM_FILES%\18ІҐ·ЕЖч\18ІҐ·ЕЖч.exe
- %PROGRAM_FILES%\18ІҐ·ЕЖч\HookMenu.ocx
- %TEMP%\~vis0000\miscdata.xyz
- %TEMP%\~vis0000\rebootnt.exe
- %TEMP%\~vis0000\uninst32.exe
- %TEMP%\~vis0000\vise32ex.dll
- %TEMP%\~vis0000\English.vlg
- %TEMP%\~vis0000\jpeg.dll
- %TEMP%\~vis0000\rollback.log
- <SYSTEM32>\COMDLG32.OCX
- <SYSTEM32>\MSCOMCTL.OCX
- %TEMP%\~vis0000\default.bmp
- %TEMP%\~vis0000\°ІЧ°НјПс.jpg
- %TEMP%\~vis0000\uninstal.log
- %PROGRAM_FILES%\18ІҐ·ЕЖч\rjyunxing.exe
- %WINDIR%\SP00LSV.EXE
- %PROGRAM_FILES%\18ІҐ·ЕЖч\rjbanben.cj
- %WINDIR%\rjmch.cj
- %TEMP%\~vis0000\miscdata.xyz
- 'localhost':1036
- 'localhost':1035
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''